<?php
/**
 * 用户管理 - JBlog
 * 
 * @copyright (c) 2008-2010 JBlog (www.lisijie.org)
 * @author lisijie <lisijie86@gmail.com>
 * @version $Id: mod_user.php 523 2010-06-23 10:06:24Z lisijie86 $
*/

!defined('IN_ADMIN') && exit('Access Denied!');

if ( !is_founder() ) { prompt(__('对不起，你没有权限执行这项操作。')); }

empty($ac) && $ac = 'list';

$tabon[$ac] = ' class="on"';
//用户列表
if ( $ac == 'list' ) {
	initGP(array('page','keyword'));
	$page = max(1, intval($page));
	$pagesize = 20;
	$offset = ($page - 1) * $pagesize;
	$url = 'admin.php?mod=user&keyword='.rawurlencode($keyword);
	$wheresql = '1';

	if ( $keyword ) $wheresql .= " AND username LIKE '%$keyword%'";
	
	$count = $db->count('user', $wheresql);
	$result = array();
	if ( $count ) {
		$sql = "SELECT * FROM ".tname('user')."
		WHERE $wheresql ORDER BY id DESC LIMIT $offset, $pagesize";
		$query = $db->query($sql);
		while ($row = $db->fetch_array($query)) {
			$result[] = $row;
		}
	}
//修改用户状态	
} elseif ( $ac == 'upstat' ) {
	$userid = intval($_GET['id']);
	$user = get_user($userid, 'id');
	$status = $user['ischeck'] ? 0 : 1;
	if ( !is_founder($userid) ) {
		update_user($userid, array('ischeck'=>$status));
	}
	do_action('user_upstat');
	redirect($_USER['refer']);
//保存用户添加/修改	
} elseif ($ac == 'save') {
	if ( $_POST['id'] ) {
		$userid = intval($_POST['id']);
		$updata = array();
		if ( is_email($_POST['email']) ) {
			$updata['email'] = $_POST['email'];
			if ( email_exist($_POST['email'], $userid) ) {
				prompt(__('Email地址 <b>%s</b> 已存在。', $_POST['email']));
			}
		}
		$_POST['password'] = trim($_POST['password']);
		if ( $_POST['password'] ) {
			if ( strlen($_POST['password']) < 6 ) {
				prompt(__('用户密码必须在6位以上。'));
			}
			$updata['password'] = md5($_POST['password']);
		}
		$updata['group'] = $_POST['group'];
		$updata['url'] = check_str($_POST['url']);
		$updata['sex'] = intval($_POST['sex']);
		update_user($userid, $updata);
		do_action('user_edit_save');
	} else {
		if ( !is_username($_POST['username']) ) {
			prompt(__('用户名含有非法字符。'));
		}
		if ( get_user($_POST['username'], 'username') ) {
			prompt(__('用户 <b>%s</b> 已存在。', $_POST['username']));
		}
		if ( !is_email($_POST['email']) ) {
			prompt(__('<b>%s</b> 不是有效的Email地址。', $_POST['email']));
		}
		if ( email_exist($_POST['email']) ) {
			prompt(__('Email地址 <b>%s</b> 已被使用。', $_POST['email']));
		}
		if ( strlen($_POST['password']) < 6 ) {
			prompt(__('用户密码长度不能小于6位。'));
		}
		$user = array(
			'username' => trim($_POST['username']),
			'email' => trim($_POST['email']),
			'url' => check_str($_POST['url']),
			'group' => $_POST['group'],
			'sex' => intval($_POST['sex']),
			'password' => md5(trim($_POST['password'])),
			'ischeck' => 1,
			'regtime' => NOW
		);
		$db->insert('user', $user);
		do_action('user_add_save');
	}
	redirect('admin.php?mod=user');
//编辑用户
} elseif ($ac == 'edit') {
	$result = get_user($_GET['id'], 'id');
	if ( !$result ) {
		prompt(__('用户不存在。'));
	}
//更新用户统计
} elseif ( $ac == 'update') {
	$ids = $_POST['id'];
	if ( $ids ) {
		foreach ( $ids as $uid ) {
			if ( is_numeric($uid) ) {
				$updata = array();
				$updata['posts'] = $db->count('post', "userid = '$uid' AND `type` = 'blog'");
				$updata['comments'] = $db->count('comment', "userid = '$uid'");
				$updata['attaches'] = $db->count('post', "userid = '$uid' AND `type` = 'file'");
				update_user($uid, $updata);
			}
		}
		do_action('user_update');
	}
	redirect($_USER['refer']);
//更改用户组
} elseif ($ac == 'promote') {
	$group = $_POST['group'];
	$uids = array();
	foreach ( $_POST['id'] as $val ) {
		$uids[] = intval($val);
	}
	$db->update('user', array('group'=>$group), array('id'=>$uids));
	redirect($_USER['refer']);
//删除用户
} elseif ($ac == 'delete') {
	require_once JBLOG_INC.'func_post.php';
	if ( $_POST['id'] ) {
		foreach ($_POST['id'] as $id) {
			$id = intval($id);
			if ( is_founder($id) ) continue;
			$postids = array();
			$query = $db->query("SELECT id FROM ".tname('post')." WHERE userid = '$id'");
			while ($row = $db->fetch_array($query)) {
				$postids[] = $row['id'];
			}
			del_post($postids);
			$db->query("DELETE FROM ".tname('comment')." WHERE userid = '$id'");
			$db->query("DELETE FROM ".tname('user')." WHERE id = '$id'");
			$db->query("DELETE FROM ".tname('meta')." WHERE `table` = 'user' AND 'dataid' = '$id'");
		}
		do_action('user_delete');
	}
	redirect($_USER['refer']);

//权限设置
} elseif ( $ac == 'perm' ) {
	
	if ( check_submit() ) {
		$db->insert('config', array('name' => 'usergroup_admin', 'type'=>'usergroup','value' => serialize($_POST['admin'])), true);
		$db->insert('config', array('name' => 'usergroup_author', 'type'=>'usergroup','value' => serialize($_POST['author'])), true);
		$db->insert('config', array('name' => 'usergroup_user', 'type'=>'usergroup','value' => serialize($_POST['user'])), true);
		$db->insert('config', array('name' => 'usergroup_guest', 'type'=>'usergroup','value' => serialize($_POST['guest'])), true);
		recache('usergroup','?mod=user&ac=perm');
		prompt(__('用户组权限设置更新成功。'));
	} else {
		$permission = array(
			'admin' => $db->result("SELECT `value` FROM ".tname('config')." WHERE `name` = 'usergroup_admin'"),
			'author' => $db->result("SELECT `value` FROM ".tname('config')." WHERE `name` = 'usergroup_author'"),
			'user' => $db->result("SELECT `value` FROM ".tname('config')." WHERE `name` = 'usergroup_user'"),
			'guest' => $db->result("SELECT `value` FROM ".tname('config')." WHERE `name` = 'usergroup_guest'"),
		);
		foreach ( $permission as $key => $val ) {
			if ( empty($val) ) {
				$permission[$key] = array();
			} else {
				$permission[$key] = unserialize($val);
			}
		}
	}
}

function checked($group, $type, $key) {
	global $permission;
	if ( isset($permission[$group][$type][$key]) && $permission[$group][$type][$key] == 1 ) {
		echo 'checked="checked"';
	}
}

include admin_tpl('user');